‘Working from home’ (WFH) has become the order of the day during this precarious lockdown. The way of accomplishing the tasks has drastically changed, with working from home as the only viable option. One’s dependence on the internet has increased manifold since the COVID-19 pandemic has caused restrictions on physical gesticulations. Online traffic has escalated due to jaked up video conferencing, meetings, online classes, and chatting. The use of apps like Paytm, Google Pay, BHIM, Phonepe, etc. as a mode of making payments has also witnessed a surge.
During this lockdown, along with the working habits, the modus operandi of the crimes has also changed. No doubt the crime rate has subsided as people are staying back but online frauds have seen an upsurge. Apart from being interaction/communication interfaces, sometimes these also serve as platforms for criminal elements and eventually end up being the epicenters of immeasurable security concerns. This working from home has now become an opportunity for cybercriminals to exploit the people through e-mail scams, hacking passwords, phishing, ransom attacks, online sexual harassment, etc.
Though cyber-crimes have been increasing continuously, there has been an upsurge during the lockdown due to people doing all the official as well as un-official work from their laptops or phones. Besides hackers directly attacking the systems, fake websites are being created to trap the users.
PHISHING:Phishing is the cybercrime where the criminal accesses the information and details of the user through a link or e-mail that seems legitimate but is in fact, fraudulent. Phishing attacks have mushroomed to a large number during this lockdown. Spy-attacks and Ransom attacks are posing a threat to people submitting personal information online. Spyware steals the personal information and account details of the users, whereas a ransom attacker dominates and takes over the login credentials of the user. An app called ‘Covidlock’ is used as ransomware to target the anxious population, misrepresenting the same as an app to keep track of the spread of coronavirus.
HACKING AT COMPANIES AND OFFICES:According to a recent report by Pricewaterhouse Coopers, the number of cyber-attacks on various firms has increased manifold times since the corona outbreak. Companies have set up a VPN structure, to let the employees have access to all the information, which has become the target of the hackers. Hackers are trying to hack the software of the companies in order to gain access to all their important details and data. The use of an already-made malware ‘AZORult’ has increased for phishing into the companies. There have been cases of unwanted software trying to infiltrate to the companies’ systems for theft and malicious payloads
Hackers have even attempted to hack the computers of the Indian State Tax Department to steal sensitive information of PAN Cards, GST numbers, phone numbers, and e-mails. There have been several attempts made by the hackers at banks and Stock Markets leading to the brokerage. PM’s COVID fund has also been one of the targets of the Hackers.
PATIENTS AT RISK:There have been cyber-attacks not only at local hospitals or test centers but also at the World Health Organization (WHO) to steal the passwords of WHO workers. Ransomware attacks have been detected in hospitals and other test centers where the important files of the patients are taken and not returned till a particular amount of ransom is paid. Hospitals have been alerted about ransom sites that claim themselves to be government advised sites to keep a check on the corona patients but then hacks the system.
OTHER ONLINE CRIMES RELATED TO SOCIAL MEDIA:Social networking apps like Facebook, WhatsApp have become an important tool to spread fake information. The Digital infrastructure across the globe is immensely comprised of these international tech-giants like YouTube, Google, Facebook, Twitter etc. The social world has witnessed a complete transformation by these corporations, without any regulation or accountability of their Modus Operandi. These fake news’ triggers the people, as they blindly believe these reports, and start reacting accordingly. Besides this, these online chatting apps are misused to sexually harass people. It has become inevitable for the employees to stay in touch with each other, so they opt for these communication platforms and sometimes end up being exploited in some way or the other.
Information Technology Act, 2000 is the only specific actions we have which is the basis of cyber laws and provides for different cybercrimes, their punishment, and sufficient Remedies.
The ransomware attacks are punishable under Section 66 E and 66 F of the Information Technology Act, 2000. Under section 43 of the IT act, Hacking is a civil offense but if committed in a fraudulent way the person is punishable with imprisonment under section 66 B. The offense of phishing is punishable with imprisonment up to 3 years and a fine up to 1 lakh under Section 66 C of the IT Act. Section 72 and 66 of the IT Act provides for the crime of cyber-stalking and online harassment.
Besides IT Act, 2000, the Indian Penal Code, 1986 also provides with some of the punishments and remedies for cyber-crimes: Section 419 of IPC provides for the frauds by impersonation. Section 354 of IPC provides for the crime of cyber-stalking and online harassment and its punishment with imprisonment up to 2-3 years. The persons spreading fake news can be arrested under Section 505 of the IPC and Section 54 of Disaster Management Act, 2005 and can be punished with imprisonment up to 3 years and fine up to 1 lakh or both.
The cyber laws of America and other European countries are much more developed than those in India. U.S.A has a number of acts in this regard: the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, Cyber Intelligence Sharing and Protection Act all to deal with the issues of cyber-crimes. Moreover, all the states of the United States are given the power to enact more laws and policies according to the need of the hour.
Canada also has strict laws against cyber-crime. Separate Health Sector Privacy laws deals with online crimes against hospitals, test-centers, laboratories, and clinics. Personal Information Protection Act and Electric Documents Act are further enacted to prohibit phising and hacking. Canadian Anti-Fraud Centre is established which works against the marketing frauds.
Most of the European Countries have signed the Budapest Convention on Cyber Crime is an important step towards strengthening of cyber-laws against online frauds. The objective of the convention is to criminalize the offenses against privacy breach, confidentiality, breaking into the computer systems and set proper procedures to investigate against these Crimes. Other countries including England, Russia and Brazil have efficient acts and systems to act against cyber-crimes.
India is even not a signatory to the Budapest Convention on Cyber Crime and has not set any particular procedures to be followed to catch the cyber-criminals. National Cyber Security policy 2013 was aimed to form the workforce of 500,000 skilled cybersecurity professionals but the objective is still not achieved. The number of ethical hackers in India is far more than the number of skilled IT professionals associated with the cyber police.
The problem of cyber laws in India starts with not having any set definition of cyber-crime in any act or law. Though there are some laws and remedies in the IT Act, 2000 but there are a lot of grey areas. These include intellectual property rights including copyrights, infringement and trademark. Moreover, there are no specific inclusions or the scams against the big companies and hence have to be treated only under the sections of hacking and online fraud. No separate policies are enacted for handling the cybercrimes against the health care sectors.
Territorial Jurisdiction is another major issue which is not specifically dealt by any cyber law. Since cyber crimes are computer and internet-based crimes, the hacker is far-sitting and maybe in another state and hence determination of jurisdiction is difficult. Preservation of evidence is another problem. As most of the evidence and proofs are online and in systems, destruction of the evidence is easy.
Besides this, the already existing laws are limited only to the theoretical punishments as it is not easy to prosecute the criminal due to anonymity. There are no concrete measures to take actions against these online criminals and no strategy to find these criminals sitting far away in comfort away from the actual location.
The government must ensure the safety of the state digital network & systems which store important public information and must take concrete steps in this regard. The lockdown has exposed the weak cyber-laws and after about a 5 percent increase in cyber-crimes, the government has shifted some focus to this side and the cyber-centers and cyber-police have become active. The government is issuing an advisory to the public to not to fall prey to these only crimes and take precautions while filling their details and passwords on online sites. But the government also needs to come up with some stronger laws, procedures, and strategies to catch the hackers. Besides, there is a need to introduce some security applications to prevent the companies’ systems and hospital computers from hacking.
These are some of the short-term solutions during the lockdown but there also needs some reform in the current Information Technology Act, 2000 as it is a comprehensive act and does not include much of the other aspects which are affected by the cyber-crimes.
